Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/KPoxh0k354BS6yLqVnyf36sV9k8.roa
File:                     KPoxh0k354BS6yLqVnyf36sV9k8.roa (raw, json)
Hash identifier:          oXRJH2NwZDQPfhDUPNEH39U2W2l+IOabqv8ij6W50es=
Subject key identifier:   28:FA:31:87:49:37:E7:80:52:EB:22:EA:56:7C:9F:DF:AB:15:F6:4F
Certificate issuer:       /CN=c4add5ba7662b731dd08bcf8738f135d93aed451
Certificate serial:       018CC56E4C7999A648592E5D95E39B24EA86
Authority key identifier: C4:AD:D5:BA:76:62:B7:31:DD:08:BC:F8:73:8F:13:5D:93:AE:D4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/KPoxh0k354BS6yLqVnyf36sV9k8.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.149.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 11:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4c:79:99:a6:48:59:2e:5d:95:e3:9b:24:ea:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4add5ba7662b731dd08bcf8738f135d93aed451
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28fa31874937e78052eb22ea567c9fdfab15f64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5b:c5:ec:f8:df:bc:25:58:e3:45:e8:9e:c8:
                    84:df:a0:84:62:8c:50:39:01:bd:01:38:99:13:ae:
                    2f:d9:b4:68:ed:cd:ad:34:a7:8b:fe:ae:e9:38:88:
                    49:8b:07:b0:09:c7:d4:91:49:4b:6c:33:86:80:18:
                    cf:79:da:b7:c8:1c:6e:7a:3b:ab:ff:ca:b4:f7:db:
                    fa:e1:43:09:47:ba:15:76:c7:de:06:a8:52:88:28:
                    7f:c2:8b:99:5c:29:8a:14:10:65:b7:e5:61:bb:90:
                    0f:3d:00:23:f8:a2:e3:b4:d3:74:28:29:ee:b6:0f:
                    15:fa:23:2b:4e:c2:2d:bf:e0:a8:74:00:b5:a1:87:
                    33:f0:d8:73:11:31:b6:95:51:02:96:12:7f:df:8c:
                    2f:92:c7:df:28:7a:c0:4b:8c:5c:5a:55:16:f0:92:
                    9c:21:5b:9f:d5:16:e3:ff:eb:c2:c1:ad:bf:38:23:
                    60:be:b0:be:2a:67:df:56:0b:81:f4:21:ee:56:fe:
                    b2:74:42:eb:0c:85:bc:7e:0e:7f:79:9f:6f:f8:d0:
                    8c:bb:e8:a4:e6:f4:d1:f3:b8:aa:4a:23:df:ff:69:
                    ba:6e:a0:fe:48:3a:6d:b8:a8:5a:9f:d8:a1:a8:07:
                    75:cb:f3:7e:5e:3f:96:3f:56:a5:03:0a:40:f7:d4:
                    96:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FA:31:87:49:37:E7:80:52:EB:22:EA:56:7C:9F:DF:AB:15:F6:4F
            X509v3 Authority Key Identifier:
                keyid:C4:AD:D5:BA:76:62:B7:31:DD:08:BC:F8:73:8F:13:5D:93:AE:D4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xK3VunZitzHdCLz4c48TXZOu1FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/KPoxh0k354BS6yLqVnyf36sV9k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/346a23-1181-4a80-9f55-dd7d47cf5c18/1/xK3VunZitzHdCLz4c48TXZOu1FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:f8:63:62:e2:4f:f0:3f:19:da:90:65:1d:a1:0f:a4:e1:7e:
         be:2e:7c:4c:9d:92:96:36:e8:80:55:f7:9f:87:c2:fd:96:e2:
         25:24:7e:0d:99:1f:94:de:00:f4:45:23:fe:a8:e1:67:75:c0:
         76:c4:42:d8:ae:55:91:3b:36:6b:6b:c9:0d:32:04:b8:1f:65:
         ba:46:28:9d:be:14:92:53:40:cb:5d:67:7d:50:6d:1f:27:87:
         42:df:2c:6d:48:95:c6:16:6d:f5:97:99:3e:bb:32:2a:52:90:
         06:ff:c9:36:b0:29:2e:c2:5e:db:81:50:10:20:01:c9:2e:81:
         b6:a3:e5:77:2b:6f:e8:c9:4e:5a:ac:f7:1a:fb:e7:ed:ec:7f:
         f6:e1:69:c8:27:d3:23:c6:ab:d4:5e:75:b6:13:31:73:e1:06:
         1e:54:3a:d8:9d:25:2e:b1:79:a1:0f:a3:34:90:8b:f8:fe:58:
         d7:b3:75:15:37:65:f8:f9:e5:98:49:95:c0:22:28:e5:6a:1f:
         b9:9b:84:24:b5:2d:e7:9d:e6:6a:31:c9:a4:4f:70:e6:02:4a:
         08:af:04:5e:e9:fc:99:08:eb:76:42:5e:53:72:02:34:a9:51:
         e1:73:8e:4d:ed:b1:c9:d0:85:39:41:67:c5:fa:e0:a7:4b:bf:
         8d:8f:73:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkx5maZIWS5dleObJOqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YWRkNWJhNzY2MmI3MzFkZDA4YmNmODczOGYxMzVkOTNh
ZWQ0NTEwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZhMzE4NzQ5MzdlNzgwNTJlYjIyZWE1NjdjOWZkZmFiMTVmNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVvF7PjfvCVY40XonsiE36CEYoxQ
OQG9ATiZE64v2bRo7c2tNKeL/q7pOIhJiwewCcfUkUlLbDOGgBjPedq3yBxuejur
/8q099v64UMJR7oVdsfeBqhSiCh/wouZXCmKFBBlt+Vhu5APPQAj+KLjtNN0KCnu
tg8V+iMrTsItv+CodAC1oYcz8NhzETG2lVEClhJ/34wvksffKHrAS4xcWlUW8JKc
IVuf1Rbj/+vCwa2/OCNgvrC+KmffVguB9CHuVv6ydELrDIW8fg5/eZ9v+NCMu+ik
5vTR87iqSiPf/2m6bqD+SDptuKhan9ihqAd1y/N+Xj+WP1alAwpA99SWFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCj6MYdJN+eAUusi6lZ8n9+rFfZPMB8GA1UdIwQY
MBaAFMSt1bp2Yrcx3Qi8+HOPE12TrtRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEszVnVuWml0ekhkQ0x6NGM0OFRYWk91MUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8zNDZhMjMtMTE4MS00YTgwLTlmNTUt
ZGQ3ZDQ3Y2Y1YzE4LzEvS1BveGgwazM1NEJTNnlMcVZueWYzNnNWOWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8zNDZhMjMtMTE4MS00YTgwLTlmNTUtZGQ3ZDQ3Y2Y1YzE4
LzEveEszVnVuWml0ekhkQ0x6NGM0OFRYWk91MUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZVsMA0G
CSqGSIb3DQEBCwUAA4IBAQAI+GNi4k/wPxnakGUdoQ+k4X6+LnxMnZKWNuiAVfef
h8L9luIlJH4NmR+U3gD0RSP+qOFndcB2xELYrlWROzZra8kNMgS4H2W6RiidvhSS
U0DLXWd9UG0fJ4dC3yxtSJXGFm31l5k+uzIqUpAG/8k2sCkuwl7bgVAQIAHJLoG2
o+V3K2/oyU5arPca++ft7H/24WnIJ9MjxqvUXnW2EzFz4QYeVDrYnSUusXmhD6M0
kIv4/ljXs3UVN2X4+eWYSZXAIijlah+5m4QktS3nneZqMcmkT3DmAkoIrwRe6fyZ
COt2Ql5TcgI0qVHhc45N7bHJ0IU5QWfF+uCnS7+Nj3N9
-----END CERTIFICATE-----